Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Web Directory Security

Status
Not open for further replies.
kathrync2003

kathrync2003

Programmer
Mar 25, 2003
19
CA
Hello

I have a directory on my web server where I have placed directory security that prompts for a user name and password
into a secure area of my site.

I have a link on one of my web pages inside this directory whre the user can log out.

How do I locate where this login information
is stored.

 
Sort by date Sort by votes
If you're using HTTP Authentication (and it sounds like you might be, whether knowingly or not), I believe this can only be achieved by closing the browser down (see reference below).

With HTTP authentication, the client (such as a web browser) presents its own authentication dialog to the user when prompted for credentials by the server, after an initial request of a resource that is in a protected realm. (A realm is a URI, such as "/admin" and all resources under that URI, such as "/admin/moderation" and "/admin/users".) The user enters their username and password into the dialog, thereby authenticating themselves to the client for the requested realm. The client then uses those credentials to authenticate with the server for that realm from then on, until the client is exited. (I.e., there is usually no way to log out of a client authentication except by ending the client process.)
Click to expand...
(Source:
Clive
Runner_1Revised.gif

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"To err is human, but to really foul things up you need a computer." (Paul Ehrlich)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To get the best answers from this forum see: faq102-5096
 
Upvote 0 Downvote
Thanks for answering.

I mean where the login credential is stored on the visitor's machine.

I have a logout link and I want this link to
clear out the userid and password fields.

 
Upvote 0 Downvote
...and as Stretchwickster stated, if you are using HTTP Authentication (as I too suspect you are) then you proabably won't be able to make the logout link work.

Although, the webdev plugin for Firefox manages to clear HTTP Authentication without restarting the browser. So it must be possible in some way. Perhaps by clearing out all the session vars?

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire
 
Upvote 0 Downvote
[!]This isn't tested[/!] but if using PHP you could try something like the following:

Code: 
$_SERVER['PHP_AUTH_USER']="";
$_SERVER['PHP_AUTH_PW']="";

This would probably be a question more suited to the forum for whichever server side language you are using.

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Digital Dose
  • Locked
  • Question
My website refreshes twice when it is opened on any browser. 1
Replies
3
Views
266
sartechy
sartechy
ycubed10
  • Locked
  • Question
Faulty web tool: Bloconomics
Replies
0
Views
160
ycubed10
ycubed10
JScannell
  • Locked
  • Question
Accessing a localhost website from other devices
Replies
4
Views
270
JScannell
JScannell
tyutghf
  • Locked
  • Question
Chat to current website visitors together
Replies
1
Views
195
antanasdeg
antanasdeg
tyutghf
  • Locked
  • Question
Linkedin updates on website
Replies
0
Views
159
tyutghf
tyutghf

Part and Inventory Search

Sponsor

Back
Top